'Important' Windows flaw could turn critical

[SDK]

Security experts are bracing themselves for a spate of new worms and viruses designed to exploit of the seven new vulnerabilities announced by Microsoft on Tuesday as part of its monthly patch cycle.

Of the new vulnerabilities, Windows Shell (MS04-024)--has been picked out by security experts as a potential target for future worms and viruses.

Ben Nagy, senior security engineer at security researcher firm eEye, said he expects the Windows Shell bug to be the most serious threat--despite Microsoft rating the problem as 'important' rather than 'critical'.

According to Microsoft, if a user is vulnerable to MS04-024 and has administrator privileges, an attacker could "take complete control of the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges."

However, the flaw is not rated as critical because it would require "significant user interaction" to work. This means that a user would need to open an e-mail attachment, or download a file from a malicious Web site.

Richard Starnes, president of security industry group ISSA UK, said that malware writers usually reverse-engineer Microsoft's patches in order to produce exploits. Based on his on experience of previous threats, he expects the first batch of new exploit codes to be available as early as next week. These would probably be used to create a worm delivered as an email attachment.

"Given the trend, it will probably take between five and seven days for exploits to start appearing--depending on their complexity. Because it has to be locally executed, it is likely to be another LoveBug scenario," Starnes said.

EEye's Nagy agrees that to exploit the vulnerability, a virus will most likely be distributed as an e-mail attachment, but the vulnerability could also be 'blended' with another attack.

"I don't think either vulnerability could create a Sasser or MSBlast type-worm, but we are seeing many blended threats, so it could be used in combination with other exploits," said Nagy.

Source : http://zdnet.com.com/2100-1105_2-5268989.html

[AngelicKnight]

However, the flaw is not rated as critical because it would require "significant user interaction" to work. This means that a user would need to open an e-mail attachment, or download a file from a malicious Web site.

Well, thank goodness most users don't blindly open e-mail attachments or download files. Phew! Oh...waita sec...

[ric-o]

This is interesting because Microsoft updated the bulletin (v1.1) adding that it requires significant user interaction in order for exploitation to occur....YET they said in the previous paragraph that an attacker would need to direct a user to a web site containing exploit code.

Well that isn't all that hard especially if you buy ad space directing users to your site. And we know how much users love to click those ads.

Doesn't sound "significant" to me. Call me suspicious but I don't think M$ is giving us the WHOLE STORY here!!!

[AngelicKnight]

Not giving us the whole story? Naaaaaah!

[Palemoon]

Having to open an email attachment in Microsofts own Outlook or Outlook Express requires one thing the "Preview Pane" enabled so much for that one. A simple HTML email with the code Preview on your gonna get the virus, it is a simple truth 1/2 their Security fixes are desigend to change their own flawed settings. No Patches for the 3 or is it 6 exploits in IE right now their answer let them install the fix that will give you a work around this is Increase your security setting in the internet zone to high which will disable being able to log into a web siite in secure mode sure you have to manually go enter those site before hand and then visit them all requires some basic understanding. But since it is a mass 90 guilty of a corner on the market also in their work around enable your auto update without even asking you after all they are Microsoft you trust them. These two things raise major problems upon private networks cause I have had my servers crash to many times from the patch I wanted and did not work. With their market share they just lump it all together. My users are worried hear the news and attempt to correct their own computers cause they want a pay check and if they are able to do so as M$ sort of can do it in spite of be being the person in charge evelate their privlages. I will not use their removal tool for the latest exploits was much more easy for the sake of my users to simply change their browser and soon Outlook it is like an expense whore or gigilo. Waste of time peoples work time , all the holes cost lots of Money and I hope your support is not outsourced to India where the first step in solving an issue in computing is not page one have you re-booted